Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/LzU1heTxpTvycmpud5XFL6Y1t44.roa
File:                     LzU1heTxpTvycmpud5XFL6Y1t44.roa (raw, json)
Hash identifier:          /QbI3G1v2wBmiGWVboju/wyMZRIEnlggc/iyMwiflMA=
Subject key identifier:   2F:35:35:85:E4:F1:A5:3B:F2:72:6A:6E:77:95:C5:2F:A6:35:B7:8E
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018BECE0DE41E4BCCE14D48CBDBDDA19D6F0
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/LzU1heTxpTvycmpud5XFL6Y1t44.roa
Signing time:             Mon 20 Nov 2023 13:17:21 +0000
ROA not before:           Mon 20 Nov 2023 13:17:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39569
IP address blocks:        86.106.81.0/24 maxlen: 24
                          89.47.117.0/24 maxlen: 24
                          89.40.82.0/23 maxlen: 23
                          89.42.142.0/23 maxlen: 23
                          188.241.3.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ec:e0:de:41:e4:bc:ce:14:d4:8c:bd:bd:da:19:d6:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Nov 20 13:17:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f353585e4f1a53bf2726a6e7795c52fa635b78e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:38:be:59:d2:74:9b:32:f6:a9:60:e0:cf:d3:
                    a3:b3:97:55:26:d6:d9:88:6a:01:b8:c6:32:38:81:
                    06:32:61:c6:07:8f:65:de:f9:6e:24:f4:d5:6f:72:
                    27:2f:f6:6a:33:64:48:1b:cf:33:58:f9:66:e4:a1:
                    96:5e:67:aa:a5:e4:54:27:59:a9:33:6b:f1:e0:c3:
                    ef:92:bc:50:18:5c:90:c7:8e:b2:d2:ea:ba:15:04:
                    26:e2:bc:47:f3:dd:8e:a2:13:25:0c:1d:d1:2e:d2:
                    ca:04:89:a2:bd:3c:b1:10:3d:04:32:ba:7c:05:2f:
                    2f:e0:e8:e0:75:1b:39:e1:2d:e9:50:58:e3:4e:a0:
                    0c:5d:0d:83:42:5d:5d:e7:fa:a6:3f:92:05:ea:1e:
                    b0:4f:ed:9a:f7:20:2f:3a:e5:71:1d:f5:3c:dc:23:
                    36:60:16:6a:60:75:85:7f:b0:f3:76:25:a7:a2:ed:
                    e9:cd:88:9d:1f:42:74:24:d0:b2:5e:8d:77:fb:55:
                    8d:89:c8:f2:a2:a4:6b:0a:b0:05:07:1b:3e:df:b2:
                    00:5c:89:a5:d0:60:52:83:23:f7:74:38:f2:37:dd:
                    29:9a:ac:f1:6f:c4:c5:f2:9c:b0:fc:19:be:d5:7e:
                    72:6f:92:cd:43:12:a8:e0:6b:5e:12:1b:ee:5f:b8:
                    19:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:35:35:85:E4:F1:A5:3B:F2:72:6A:6E:77:95:C5:2F:A6:35:B7:8E
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/LzU1heTxpTvycmpud5XFL6Y1t44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.81.0/24
                  89.40.82.0/23
                  89.42.142.0/23
                  89.47.117.0/24
                  188.241.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:e2:a2:b6:22:66:0e:30:a6:e2:85:9f:28:c9:1f:a2:b7:33:
         c3:69:90:af:37:8a:ac:4e:8d:b1:0b:61:8b:91:df:9a:ff:19:
         8d:3c:af:c8:19:a7:98:cc:3a:de:b7:7c:7f:0f:89:b9:f4:19:
         1f:1e:86:4f:1a:cb:57:9b:93:79:e2:e7:2e:53:26:50:f9:8f:
         7a:d9:06:7f:a0:20:0d:c6:4a:f9:6b:da:37:d3:f8:e5:ea:4d:
         1b:da:2c:f6:01:03:16:9d:61:93:78:88:21:b2:1c:b4:02:d1:
         98:22:0d:68:ce:3d:b9:95:6d:35:cf:a6:35:c2:e6:a6:8c:5a:
         4f:77:a1:e9:bd:08:30:71:59:fa:ba:4d:ac:53:a4:c9:85:f7:
         1f:27:a1:7b:ba:ad:f8:5f:b1:af:fa:7c:7d:ed:4e:97:4d:95:
         67:de:db:4e:fc:f4:73:39:c4:f7:77:4f:ff:d7:1b:55:bb:e6:
         39:a5:a3:ba:95:c7:81:d6:81:ca:ac:c9:0a:ac:b2:61:56:fe:
         31:cf:77:a5:33:4a:a1:c6:e1:70:ee:88:54:dd:1d:42:8b:00:
         20:f3:8c:84:40:e0:37:cf:2f:97:05:c8:90:91:82:ca:59:a4:
         2b:59:8d:09:1c:a3:e7:a3:98:d9:5c:1a:be:83:c1:7a:0b:a3:
         88:ac:9f:1e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYvs4N5B5LzOFNSMvb3aGdbwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMTIwMTMxNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjM1MzU4NWU0ZjFhNTNiZjI3MjZhNmU3Nzk1YzUyZmE2MzViNzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzi+WdJ0mzL2qWDgz9Ojs5dVJtbZ
iGoBuMYyOIEGMmHGB49l3vluJPTVb3InL/ZqM2RIG88zWPlm5KGWXmeqpeRUJ1mp
M2vx4MPvkrxQGFyQx46y0uq6FQQm4rxH892OohMlDB3RLtLKBImivTyxED0EMrp8
BS8v4OjgdRs54S3pUFjjTqAMXQ2DQl1d5/qmP5IF6h6wT+2a9yAvOuVxHfU83CM2
YBZqYHWFf7DzdiWnou3pzYidH0J0JNCyXo13+1WNicjyoqRrCrAFBxs+37IAXIml
0GBSgyP3dDjyN90pmqzxb8TF8pyw/Bm+1X5yb5LNQxKo4GteEhvuX7gZDwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFC81NYXk8aU78nJqbneVxS+mNbeOMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvTHpVMWhlVHhwVHZ5Y21wdWQ1WEZMNlkxdDQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVmpRAwQB
WShSAwQBWSqOAwQAWS91AwQAvPEDMA0GCSqGSIb3DQEBCwUAA4IBAQAv4qK2ImYO
MKbihZ8oyR+itzPDaZCvN4qsTo2xC2GLkd+a/xmNPK/IGaeYzDret3x/D4m59Bkf
HoZPGstXm5N54ucuUyZQ+Y962QZ/oCANxkr5a9o30/jl6k0b2iz2AQMWnWGTeIgh
shy0AtGYIg1ozj25lW01z6Y1wuamjFpPd6HpvQgwcVn6uk2sU6TJhfcfJ6F7uq34
X7Gv+nx97U6XTZVn3ttO/PRzOcT3d0//1xtVu+Y5paO6lceB1oHKrMkKrLJhVv4x
z3elM0qhxuFw7ohU3R1CiwAg84yEQOA3zy+XBciQkYLKWaQrWY0JHKPno5jZXBq+
g8F6C6OIrJ8e
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:49 2024 by rpki-client on console-ams.rpki-client.org